Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
Coming to London for the IAPP's annual Data Protection Intensive: U.K. is always a treat. This year, roaming the halls of the venue and the streets of Whitechapel all the way to Westminster was particularly interesting. Here are five things I picked up this week.
Europe
Overall, whether on the IAPP keynote stage or in discussions with high-level civil servants and elected officials, many conversations convey that the U.K. is looking toward Europe with an open heart again, five years after the Brexit vote. Ukrainian flags flying high on many government buildings are a very visible illustration of that sentiment, the many public references to the U.K. wanting to be closer to Europe another.
Mesh
Amid digital turmoil in the trans-Atlantic relationship, a complex European regulatory framework and a tormented domestic policy environment stateside, the U.K. sees an opportunity to offer a middle road that would balance innovation and regulation appropriately.
Minister of State for Data Protection and Telecoms at the U.K. Department for Science, Innovation and Technology Chris Bryant recalled that "in current geopolitics, (the) U.K. has a role to play to hold on to respect of the rule of law."
He believes the country can play a role in "meshing" the different legal traditions and constructs across the U.K., U.S. and EU.
Third way
Certainly, the U.K. is moving its data agenda along. Parliament is finalizing its Data Use and Access Bill, expected on statute books by Easter or shortly after. This timeline coincidentally — or not — aligns with the upcoming discussion on the EU's two adequacy decisions for the U.K., set to expire 27 June.
The mood in London is pretty confident that the European Commission will find the U.K. continues to ensure an "essentially equivalent" level of data protection to the EU, although the U.K.-U.S. data bridge and changes happening on the other side of the Atlantic will no doubt raise questions regarding onward transfers, at the very least.
Overall, as the U.K. looks at the digital agenda, Bryant's observation was that the U.K. needs to know now which areas it needs to legislate further. The goal is to balance proportionate regulation, enforce standards when it helps regulation, enable secure investments and take great ideas to market.
ICO
U.K. Information Commissioner John Edwards wants to "regulate for outcomes, not outputs." With its "ripple effect" campaign last year, the ICO looked at real cases of how administrative errors and mishandling of personal data can have ripple effects far beyond the intended effect, citing the example of women fleeing an abusive household only for their secret new location to be revealed.
The ICO is also pursuing children's privacy work: last week it launched investigations into how social media and video sharing platforms assess the age of their users and tailor content accordingly.
"By focusing on large platforms, we are not giving a free pass to others. Last week's announcement should serve as a warning shot. Get your house in order," Edwards said.
Governance
According to CEO of the Digital Regulation Cooperation Forum Kate Jones, 2025 is the year of digital and artificial intelligence governance.
"The governance architecture we erect now may have lasting impact on generations to come," she cautioned.
Isabelle Roccia, CIPP/E, is the managing director, Europe, for the IAPP.
This article originally appeared in the Europe Data Protection Digest, a free weekly IAPP newsletter.